'Free' downloads of Oscar-nominated movies are actually nasty bundles of malware


Security researchers at Kaspersky have found hundreds of sites hosting bundles of malicious software, presented as free downloads of this year's Oscar-nominated movies. They also discovered a slew of phishing sites that tricked users into entering confidential information and even credit card details, using films including 1917 and Jojo Rabbit as bait.

With the Oscars awards ceremony due to take place on February 9, criminals are exploiting people's increased interest in the nominees for Best Picture. According to Kaspersky's report, Joker was the movie most commonly used to lure victims into downloading malware and handing over their bank details.

Malicious downloads typically start to appear around the time movies arrive on real streaming sites, as people start searching for other ways to watch them online. 

"Cybercriminals aren’t exactly tied to the dates of film premieres, as they are not really distributing any content except for malicious data," said Kaspersky malware analyst Anton Ivanov.

"However, as they always prey on something when it becomes a hot trend, they depend on users’ demand and actual file availability. To avoid being tricked by criminals, stick to legal streaming platforms and subscriptions to ensure you can enjoy a nice evening in front of the TV without having to worry about any threats."

Oscar bait

The best way to protect yourself from such malware attacks is to play by the rules, and only stream movies from legitimate sites and services such as Netflix, Amazon Prime Video, Hulu or Disney+ (we've assembled a guide to all the best streaming services to help you choose).

Before trying a new site or service, do some research to check that it's legitimate, and remember that if it seems too good to be true, it almost certainly is.

Phishing websites can be hard to spot, and are sometimes nearly identical to the sites they're impersonating. Always take a good look at the address bar to see which domain you're actually on, and don't click links from unknown sources in emails (instead, visit the site directly by typing its URL).

Cat Ellis